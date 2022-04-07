A new year, there are cybercriminals using the tax return campaign to do phishing and be able to steal money from citizensas discovered by BitDefender and published by Aslan, a non-profit association made up of 164 technology companies.

This is a malspam campaign aimed at European users that alleges that there are irregularities in the payment of your taxes. Hackers target users of Windows devices and Android-based mobiles or tablets messages alerting about amounts pending payment in VAT returns.

An attachment that is a Trojan

The messages use the name and image of agencies responsible for collecting taxes from different European countries, so here they go on behalf of the Tax Agency. In the mail they will ask you to consult an attached file to access information about an alleged non-payment in VAT returns.

But that file is actually the LokiPWS Trojan, capable of stealing data such as username, password, information about cryptocurrency wallets and other credentials. This file is usually called “value added tax obligation.rar” or “defect in the payment of VAT1.rar”.

Bitdefender asks citizens to be vigilant and distrust these types of messages and they are sure that they will increase as this active period in paying taxes progresses.

Very active time in phishing

Taking into account that many procedures of the income statement can be done online, many cybercriminals often take advantage of this time of tax payment (or refunds) to steal information and money through phishing and malware. It is something that is repeated every year.

For example, in the past, the Spanish National Cybersecurity Institute (INCIBE) detected a fraudulent email campaign that supplanted the Tax Agency to spread malware. The email that citizens received had the subject “Fiscal Receipt. -[id81690024»[id81690024»

It must be remembered that the Tax Agency does not send emails about complaints to your company or tax refunds. If that happens, it will be a phishing scam.